Buffer Overread Vulnerabilities in PHP Could Lead to Crashes or Memory Disclosure
CVE-2024-11233

8.2HIGH

Key Information:

Vendor

PHP Group

Status
Vendor
CVE Published:
24 November 2024

What is CVE-2024-11233?

A vulnerability exists in the PHP programming language due to an error in the convert.quoted-printable-decode filter, affecting versions prior to 8.1.31, 8.2.26, and 8.3.14. This flaw allows an attacker to induce a buffer overread by a single byte, which can lead to unexpected behavior, including application crashes or the potential disclosure of sensitive data from other memory regions. The severity of this vulnerability underscores the necessity for developers and system administrators to upgrade to the latest patched versions of PHP to mitigate risks associated with memory corruption.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.31

PHP 8.2.* < 8.2.26

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Frostb1te
.